NAT is not an option [LWN.net]

NAT is not an option

Posted Oct 21, 2010 9:03 UTC (Thu) by job (guest, #670)
In reply to: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com) by neilbrown
Parent article: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

That most applications are web and email are to be expected since NAT boxes are so prevalent. Many other applications look like HTTP traffic for this very reason.

NAT has held back service development in the network for at least a decade. That's why VoIP isn't more common than it is and why we're stuck with things like Skype which won't develop further. That's why real time gaming is limited to geeks who forward their TCP ports.

Carriers need v6 too, to keep the service innovation alive in the network, not limited to stateless HTTP. They just hope the cost of transitioning will go down if they wait. Carrier grade NAT is not really an option in the bigger picture.

Things get complicated because some people confuse their NAT and their stateful firewalling. It is the latter you really want to make sure you can only reach your network via VPN. (Please remember that IPsec for IPv4 is really a backport of what originated as IPv6 technology.) In fact, security will improve when you get rid of NAT since you don't have to use port forwarding (which especially with UPnP is not a good idea security wise).